Two on PGP: August keyanalyze Report Released, FBI ordered to reveal PC snooping technique

Drew Streib writes:

"I'm happy to announce the availability of the August keyanalyze report.

http://dtype.org/keyanalyze/

This month, the keyring was grown somewhat by an import from pgp.com, which brought the analyzed ring to over 1.85 billionbytes (I don't feel like doing the binary math for gigabytes conversion).

There is a special report on strongly connected sets smaller than the largest one. If you aren't in the large "strong set", then this report will tell you who else is reachable, and can be reached by you.

Also, individual key reports include hop histograms, showing the number of people at each distance from your key. This is a more detailed breakdown of the numbers that lead to the "mean shortest distance" final measurement.

Thanks to all those that have contributed code and ideas."

"When agents raided the computer system earlier, they discovered a file named "factors" that was protected with PGP encryption, according to the records. Suspecting the file contained records of gambling debts to support their loan sharking investigation, but unable to crack the encryption, agents installed the key logger to get the password as he typed. The cracked file later became key evidence in their case.

What the court doesn't know is how the key logger system works; the government said national security prevents it from disclosing its methods. But U.S. District Court Judge Nicholas H. Politan wants a better explanation. Politan called the FBI's computer keystroke log printout "gobbledygook" and ordered (download .pdf) the government to explain the technology used within the next 10 days.

The case has broad implications in the escalating debate about technology and privacy in the U.S. The government asserts that revealing the technology used to learn Scarfo's PGP password would endanger the lives of U.S. agents and hurt ongoing investigations of foreign intelligence agents. But a software designer says it's unlikely that a keystroke logging program itself contains especially sensitive technology."

Complete Story

Related Stories:

• Trojan in Aide Distribution at ftp.linux.hr(Aug 07, 2001)
• LinuxPlanet: .comment: My Semi-Annual Security Rant(Jun 06, 2001)
• Phil Zimmerman: PGP Marks 10th Anniversary(Jun 06, 2001)
• GnuPG 1.0.5 released(May 02, 2001)
• Linuxnewbie.org: Encryption Saves the Day(Apr 23, 2001)
• LinuxSecurity.com: Using GnuPG with Pine(Apr 14, 2001)
• Wired: Your E-Hancock Can Be Forged (Mar 21, 2001)
• ComputerWorld: Pretty Good Privacy creator resigns from Network Associates(Feb 21, 2001)
• email.about.com: Using PGP with K Mail(Feb 11, 2001)
• Linux Gazette: Secure Communication with GnuPG on Linux(Jan 01, 2001)
• FreeOS.com: E-mail security using Mutt and GPG(Dec 17, 2000)
• Linux.com: Secure Communication with GnuPG on Linux (Dec 17, 2000)